How do I delete an IP address that is listed with multiple protocols from a GPO? (NETIQKB70177)

  • Document ID:7770177
  • Creation Date:09-Apr-2007
  • Modified Date:20-Jun-2007
    • Micro Focus Products:
      Group Policy Administrator

Resolution

Goal

How do I delete an IP address that is listed with multiple protocols from a GPO?

Fact

NetIQ Group Policy Administrator 5.0 SP1

Symptom

 

If you have added an IP address with multiple protocols (http, ftp, https) to the GPO Settings Report, this report still displays IP addresses with the protocols you specified even after deleting the IP address.

 

Symptom

 

If you add an IP address with multiple protocols (http, ftp, https) to The Security Zones and Privacy Settings

section of a GPO and then delete the IP address, GPA displays errors when adding the same IP address back into the GPO.

 

Symptom

 

After adding the same IP address to the Security Zones and Privacy Settings section of a GPO several times with different protocols (ftp, http, https), GPA displays only the IP address and not the same IP address with the specified protocols.

 

Cause

 

Native Windows processing stores these IP address settings in the Registry. If you add an IP address and add the same IP address with different protocols (http, ftp, https), the Registry stores the IP address as a REG_SZ data type and stores each protocol separately as a REG_DWORD data type. GPA displays only the REG_SZ data type when editing the GPO, and When you delete the IP address from the GPO this deletes the REG_SZ data type but does not delete the REG_DWORD data types. This also occurs with native tools.

 

Fix

 

If you want to delete an IP address that is listed with multiple protocols from a GPO, you must manaually delete the protocol settings from the Registry and then re-import the Security Zones and Privacy Settings section into the GPO. The GPO IP address settings are stored in HKCU\Software\Microsoft\Windows\Current Version\Internet Settings\Zone Map\Ranges.

 

For more details please see Microsoft KB article "Description of Internet Explorer security zones registry entries" available at http://support.microsoft.com/kb/182569.

 

Note: These problems with IP addresses in the Security Zones and Privacy Settings section of GPOs occurs only after you install NetIQ hotfix 70119. For more information about hotfix 70119 see NetIQ KB article NETIQKB70119 available at https://support.netiq.com/gpa .

Additional Information

Formerly known as NETIQKB70177